[dnstap] Windows DNS ETW to dnstap interoperability
Stephen Vickers
stephen.vickers at telemity.com
Mon May 25 14:16:48 UTC 2026
Hi all,
I’ve been working on a Windows DNS telemetry collector called DnsStream which captures DNS telemetry directly from the native Windows DNS server ETW provider and now emits standards-compatible dnstap over TCP/TLS using fstrm.
One of the motivations was enabling Windows DNS infrastructure to participate in existing dnstap-compatible pipelines and tooling without relying on packet capture or Windows DNS debug logging.
The implementation currently maps Windows ETW query/response events into generated CLIENT_QUERY and CLIENT_RESPONSE dnstap messages while preserving the original DNS packet bytes from ETW.
I noticed Windows does not currently appear in the ecosystem/platform listings around dnstap and was interested in whether this kind of interoperability work would be considered useful/relevant to the wider dnstap ecosystem.
Would also be very interested in any feedback around interoperability expectations, field semantics, or implementation details that people think are important for ecosystem compatibility.
Thanks
Steve
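An added illustration (not part of the post above and not DnsStream code): a minimal Python encoder for the CLIENT_QUERY / CLIENT_RESPONSE mapping the post describes, using the field numbers from dnstap.proto and the Frame Streams data-frame layout. The function names, parameters, identity string and sample packet are constructed for this example, and the ETW event is assumed to have already been reduced to client address, port, transport, timestamp and raw DNS bytes.

```python
import ipaddress
import struct

CLIENT_QUERY, CLIENT_RESPONSE = 5, 6       # dnstap Message.Type values
UDP, TCP = 1, 2                            # dnstap SocketProtocol values

def _varint(n):
    out = bytearray()
    while True:
        b = n & 0x7F
        n >>= 7
        out.append(b | (0x80 if n else 0))
        if not n:
            return bytes(out)

def _uint(field, value):                   # protobuf wire type 0 (varint)
    return _varint(field << 3) + _varint(value)

def _fixed32(field, value):                # protobuf wire type 5 (little-endian)
    return _varint(field << 3 | 5) + struct.pack("<I", value)

def _bytes(field, value):                  # protobuf wire type 2 (length-delimited)
    return _varint(field << 3 | 2) + _varint(len(value)) + value

def dnstap_client_message(msg_type, client_ip, client_port, proto, ts_ns, packet,
                          identity=b"example-collector"):  # identity is a placeholder
    """Serialize one Dnstap payload for a CLIENT_QUERY or CLIENT_RESPONSE event."""
    addr = ipaddress.ip_address(client_ip)
    sec, nsec = divmod(ts_ns, 1_000_000_000)
    is_query = msg_type == CLIENT_QUERY
    msg = (
        _uint(1, msg_type)
        + _uint(2, 1 if addr.version == 4 else 2)   # socket_family: INET or INET6
        + _uint(3, proto)                           # socket_protocol
        + _bytes(4, addr.packed)                    # query_address: the client, in both directions
        + _uint(6, client_port)                     # query_port
        + _uint(8 if is_query else 12, sec)         # query_time_sec / response_time_sec
        + _fixed32(9 if is_query else 13, nsec)     # query_time_nsec / response_time_nsec
        + _bytes(10 if is_query else 14, packet)    # query_message / response_message: raw DNS bytes
    )
    # Dnstap envelope: identity = 1, message = 14, type = 15 (MESSAGE = 1)
    return _bytes(1, identity) + _bytes(14, msg) + _uint(15, 1)

def fstrm_data_frame(payload):
    """Frame Streams data frame: 32-bit big-endian length, then the payload."""
    return struct.pack("!I", len(payload)) + payload

# Constructed sample input: a 29-byte DNS query for example.com, type A
SAMPLE_QUERY = bytes.fromhex(
    "abcd01000001000000000000076578616d706c6503636f6d0000010001")
```

On a bidirectional TCP/TLS transport, Frame Streams also expects the READY/ACCEPT/START control-frame handshake carrying the content type `protobuf:dnstap.Dnstap` before any data frame; that handshake is outside what this block shows.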